﻿using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using OnlineAuction.Business;

namespace OnlineAuction.Ajax
{
    public partial class Login : System.Web.UI.Page
    {
        SqlConnection conn;
        SqlDataReader reader;
        string connectString;

        protected void Page_Load(object sender, EventArgs e)
        {
            AuctionBO bo = new AuctionBO();
            connectString = bo.GetConnection();
            string res = "ss";
            string uName = "";
            bool existed = false;
            string id = Request.QueryString["id"];
            string pw = Request.QueryString["pw"];
            conn = new SqlConnection(connectString);
            //get username and password
            conn.Open();
            string query = "Select UserName,UserPassword,UserFullName,UserState from Users ";
            SqlCommand cmd = new SqlCommand(query, conn);
            reader = cmd.ExecuteReader();

            string account = "";
            while (reader.Read() && reader.HasRows)
            {
                account = reader.GetString(0);
                if (account == id)
                {
                    existed = true;
                    string pass = reader.GetString(1);
                    bool uState = bool.Parse(reader["UserState"].ToString());
                    if (uState == false)
                    {
                        res = "Your account has been banned";
                    }
                    else if (pass == pw)
                    {
                        uName = reader.GetString(2);
                        //log in success ->create cookie
                        Response.Cookies["UserInfo"]["UserName"] = id;
                        Response.Cookies["UserInfo"]["FullName"] = uName;
                        Response.Cookies["UserInfo"].Expires = DateTime.Now.AddHours(24);
                        Response.Cookies["UserInfo"]["Role"] = "User";
                        Response.Cookies["UserInfo"]["FaultCount"] = "0";
                        res = "success";
                        break;
                    }
                    else
                    {
                        res = "Password incorrect";
                    }
                }
            }
            conn.Close();

            if (!existed)
            {
                conn.Open();
                query = "Select ManagerName, ManagerPassword, ManagerFullName from Managers";
                cmd = new SqlCommand(query, conn);
                reader = cmd.ExecuteReader();

                account = "";
                while (reader.Read() && reader.HasRows)
                {
                    account = reader.GetString(0);
                    if (account == id)
                    {
                        existed = true;
                        string pass = reader.GetString(1);

                        if (pass == pw)
                        {
                            uName = reader.GetString(2);
                            //log in success ->create cookie
                            Response.Cookies["UserInfo"]["UserName"] = id;
                            Response.Cookies["UserInfo"]["FullName"] = uName;
                            Response.Cookies["UserInfo"].Expires = DateTime.Now.AddHours(24);
                            Response.Cookies["UserInfo"]["Role"] = "Admin";
                            res = "success";
                            break;
                        }
                        else
                        {
                            res = "Password incorrect";
                        }
                    }
                }
                conn.Close();
                if (!existed)
                    res = "Username is not exist";
            }
            Response.Expires = -1;		//required to keep the page from being cached on the                                            client's browser
            Response.ContentType = "text/plain";
            Response.Write(res);
            Response.End();
        }
    }
}